//package com.kgc.personprovider.config;
//
//import com.kgc.personprovider.filter.JwtRequestFilter;
//import com.kgc.personprovider.util.CustomPermissionEvaluator;
//import org.springframework.beans.factory.annotation.Autowired;
//import org.springframework.context.annotation.Bean;
//import org.springframework.context.annotation.Configuration;
//import org.springframework.security.access.PermissionEvaluator;
//import org.springframework.security.access.expression.method.DefaultMethodSecurityExpressionHandler;
//import org.springframework.security.access.expression.method.MethodSecurityExpressionHandler;
//import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
//import org.springframework.security.config.annotation.web.builders.HttpSecurity;
//import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
//import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
//import org.springframework.security.config.http.SessionCreationPolicy;
//import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
//
//@Configuration
////@EnableWebSecurity
//@EnableGlobalMethodSecurity(prePostEnabled = true) // 启用方法级权限注解（如 @PreAuthorize）
//public class ServiceSecurityConfig extends WebSecurityConfigurerAdapter {
//
//    @Autowired
//    private JwtRequestFilter jwtRequestFilter; // 可选：二次校验 Token（高安全场景）
//
//    @Autowired
//    private CustomPermissionEvaluator customPermissionEvaluator; // 自定义权限校验逻辑
//
//    @Override
//    protected void configure(HttpSecurity http) throws Exception {
//        http
//                .csrf().disable() // 网关统一处理 CSRF
//                .authorizeRequests()
//                .anyRequest().permitAll() // 由网关完成认证，服务层不做路径级拦截
//                .and()
//                .sessionManagement()
//                .sessionCreationPolicy(SessionCreationPolicy.STATELESS); // 无状态会话
//
//        // 添加自定义过滤器（如二次校验 Token）
//        http.addFilterBefore(jwtRequestFilter, UsernamePasswordAuthenticationFilter.class);
//    }
//
//    // 配置方法级权限表达式处理器（集成自定义 PermissionEvaluator）
//    @Bean
//    public MethodSecurityExpressionHandler methodSecurityExpressionHandler() {
//        DefaultMethodSecurityExpressionHandler handler = new DefaultMethodSecurityExpressionHandler();
//        handler.setPermissionEvaluator(customPermissionEvaluator);
//        return handler;
//    }
//
//
//}